CVE-2005-2873

Name: CVE-2005-2873
Description: The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 332231, 332381

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| kernel-source-2.6.8 | source | (unstable) | (unfixed) | low | | 332231 |
| linux-2.6 | source | (unstable) | 2.6.18-1 | low | | 332381 |

Notes

[sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues)
[sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues)
Dave Miller didn't like the proposed fix and considers a complete rewrite
of ipt_recent the best solution, which seems likely to happen soon.
